Some computer hardware is designed to protect secret information against software and other attacks. Some computer hardware uses hardware hooks in the processors and chipsets to protect memory secrets. Memory secrets may include encryption keys, passwords, personal data, and similar information that must be protected from malicious agents. Some hardware can remember the presence of secrets in memory across a platform reset/power cycle, and memory controllers can lock memory upon these platform events.
A VMM (Virtual Machine Monitor) or components in the launch environment software can place and remove secrets in system memory. The VMM explicitly notifies the hardware about the presence of secrets: it manages secrets in memory by writing CMD.SECRETS or CMD.NOSECRETS to hardware-protected registers, depending on whether memory secrets are present. The hardware-protected registers are located, for example, in an Input/Output Hub (IOH) portion of the chipset or in a South Bridge part of the chipset. These registers are protected by hardware from attack. In current industry implementations, software and/or firmware code may be written into motherboard components by an Original Equipment Manufacturer (OEM). This OEM code is executed on every reset and performs processor/chipset initialization. If the OEM does not appropriately protect this code, an attacker can substitute rogue code that allows the secrets to be accessed.
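The following C model is an added example, not code from the original text or from any chipset vendor. It illustrates the lifecycle the two paragraphs describe: the VMM writes CMD.SECRETS or CMD.NOSECRETS to a protected register, a platform reset causes the memory controller to lock memory while that register still reports secrets, and a trusted post-reset path scrubs memory before clearing the flag. The register names come from the text; the struct layout, the assumption that the flag survives reset, the bypass path used for scrubbing, and the sample DRAM contents are constructed for this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the CMD.SECRETS / CMD.NOSECRETS mechanism.
 * The command names are from the text; everything else here is an
 * assumption of this model, not a real chipset register interface. */

typedef enum { CMD_SECRETS = 1, CMD_NOSECRETS = 2 } secrets_cmd_t;

#define DRAM_SIZE 16

typedef struct {
    bool secrets_present;      /* protected register state; assumed to survive reset */
    bool memory_locked;        /* memory controller lock applied at reset while secrets_present */
    uint8_t dram[DRAM_SIZE];   /* constructed sample memory region */
} platform_t;

/* Cold power-on: no secrets recorded, no lock. */
static void platform_power_on(platform_t *p) { memset(p, 0, sizeof *p); }

/* VMM (or launch-environment software) notifies hardware about secrets. */
static void vmm_write_cmd(platform_t *p, secrets_cmd_t cmd)
{
    if (cmd == CMD_SECRETS)
        p->secrets_present = true;
    else if (cmd == CMD_NOSECRETS)
        p->secrets_present = false;
}

/* Platform reset / power cycle: the memory controller locks memory
 * when the register still reports that secrets are present. */
static void platform_reset(platform_t *p)
{
    p->memory_locked = p->secrets_present;
}

/* Memory accesses through the controller are refused while locked. */
static int mem_write(platform_t *p, size_t off, uint8_t v)
{
    if (off >= DRAM_SIZE || p->memory_locked) return -1;
    p->dram[off] = v;
    return 0;
}

static int mem_read(const platform_t *p, size_t off, uint8_t *out)
{
    if (off >= DRAM_SIZE || p->memory_locked) return -1;
    *out = p->dram[off];
    return 0;
}

/* Trusted post-reset handling (assumed behaviour): scrub DRAM through a
 * path that bypasses the lock, then clear the flag and release the lock.
 * This is the role the text assigns to the OEM's reset-time code. */
static void trusted_scrub_and_clear(platform_t *p)
{
    memset(p->dram, 0, DRAM_SIZE);
    p->secrets_present = false;
    p->memory_locked = false;
}

/* Scenario 1: a secret was placed and the platform reset before CMD.NOSECRETS.
 * Returns the read status after reset: -1 means the controller refused. */
int scenario_reset_with_secrets(void)
{
    platform_t p; platform_power_on(&p);
    vmm_write_cmd(&p, CMD_SECRETS);
    mem_write(&p, 0, 0xAB);            /* constructed secret byte */
    platform_reset(&p);
    uint8_t v = 0;
    return mem_read(&p, 0, &v);
}

/* Scenario 2: the VMM cleared its secret and wrote CMD.NOSECRETS before reset.
 * Returns 0 because memory stays readable after the reset. */
int scenario_reset_after_nosecrets(void)
{
    platform_t p; platform_power_on(&p);
    vmm_write_cmd(&p, CMD_SECRETS);
    mem_write(&p, 0, 0xAB);
    mem_write(&p, 0, 0x00);            /* VMM removes the secret itself */
    vmm_write_cmd(&p, CMD_NOSECRETS);
    platform_reset(&p);
    uint8_t v = 0;
    return mem_read(&p, 0, &v);
}

/* Scenario 3: locked reset followed by the trusted scrub-and-clear path.
 * Returns the byte now visible at offset 0 (0 after scrub), or 0xFF on refusal. */
int scenario_scrub_after_locked_reset(void)
{
    platform_t p; platform_power_on(&p);
    vmm_write_cmd(&p, CMD_SECRETS);
    mem_write(&p, 0, 0xAB);
    platform_reset(&p);
    trusted_scrub_and_clear(&p);
    uint8_t v = 0xFF;
    if (mem_read(&p, 0, &v) != 0) return 0xFF;
    return v;
}

int main(void)
{
    printf("reset with secrets     -> read status %d\n", scenario_reset_with_secrets());
    printf("reset after NOSECRETS  -> read status %d\n", scenario_reset_after_nosecrets());
    printf("scrub after locked reset -> byte 0x%02x\n", scenario_scrub_after_locked_reset());
    return 0;
}
```

The model makes the page's concern concrete: the lock only holds as long as the code that runs at reset is trustworthy, because that code is the one component allowed to scrub and release. Whatever executes in the `trusted_scrub_and_clear` role decides whether the secret byte is erased before memory becomes readable again, which is why the text stresses that the OEM's reset-time code must itself be protected from substitution.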